Fortify Application Defender vs Fortra Tripwire IP360 comparison

The compared OpenText and Fortra solutions aren't in the same category. OpenText is ranked #33 in AS , and holds a 1.4% mindshare in the category. Fortra is ranked #58 in VM , and holds a 0.7% mindshare. Additionally, 81% of OpenText users are willing to recommend the solution, compared to 60% of Fortra users who would recommend it.

Fortify Application Defender

Read 11 Fortify Application Defender reviews

2,305 Views
1,913 Comparison Views

81% willing to recommend

Fortra Tripwire IP360

Read 6 Fortra Tripwire IP360 reviews

1,492 Views
1,149 Comparison Views

60% willing to recommend

Fortify Application Defender

Fortra Tripwire IP360

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Fortify Application Defender and Fortra Tripwire IP360 based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: May 2026).

Buyer's Guide

Application Security Tools

May 2026

Download the complete report

Helped 896,099 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortify Application Defender

Average Rating

7.8

Reviews Sentiment

6.6

Number of Reviews

Ranking in other categories

Application Security Tools (33rd)

Fortra Tripwire IP360

Average Rating

7.0

Reviews Sentiment

4.3

Number of Reviews

Ranking in other categories

Vulnerability Management (58th)

Mindshare comparison

Fortify Application Defender and Fortra Tripwire IP360 aren’t in the same category and serve different purposes. Fortify Application Defender is designed for Application Security Tools and holds a mindshare of 1.4%, up 0.6% compared to last year.
Fortra Tripwire IP360, on the other hand, focuses on Vulnerability Management, holds 0.7% mindshare, up 0.4% since last year.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Fortify Application Defender	1.4%
SonarQube	13.6%
Checkmarx One	8.8%
Other	76.2%

Application Security Tools

Vulnerability Management Mindshare Distribution
Product	Mindshare (%)
Fortra Tripwire IP360	0.7%
Wiz	5.0%
Qualys VMDR	4.2%
Other	90.1%

Vulnerability Management

Featured Reviews

VinothSivam

CTO at Abcl

Useful for fast code review in devOps pipelines

I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.

Read full review

Corey Cole

Service Coordinator - Technology Security at a government with 10,001+ employees

The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain

Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy. I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Fortify Application Defender has a few drawbacks, it has its own pros and cons, but it's a good tool to use in any industry."

"We are able to provide our customers with a secure application after development; they are no longer left wondering if they are vulnerable to different threats within the market following deployment."

"Its ability to find security defects is valuable."

"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."

"The product saves us cost and time."

"The solution helped us to improve the code quality of our organization."

"The most valuable feature is that it analyzes data in real-time."

"The solution helped us to improve the code quality of our organization."

More Fortify Application Defender pros

"This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment."

"Tripwire IP360 is a very stable solution."

"We could manage our entire IP range with the solution."

"Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product."

"It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis."

"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."

"The company probably chose this solution because they thought that they would be getting the best bang for their buck."

"Tripwire IP360 helps me to discover most of the vulnerabilities, and I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest."

Cons

"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."

"The false positive rate should be lower."

"Support for older compilers/IDEs is lacking."

"Fortify Application Defender gives a lot of false positives."

"The workbench is a little bit complex when you first start using it."

"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."

"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."

"The workbench is a little bit complex when you first start using it."

More Fortify Application Defender cons

"We need to dedicate time and resources to keep it running."

"The reporting functions can use improvement."

"I am not very impressed by the technical support."

"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."

"If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution."

"We would like to have better reporting capabilities and for them to be more granular."

"For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positive."

"I am not very impressed by the technical support."

Pricing and Cost Advice

"The base licensing costs for the SaaS platform is about $900 USD per application, per year."

"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."

"The price of this solution could be less expensive."

"Fortify Application Defender is very expensive."

"The product’s price is much higher than other tools."

"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."

"I believe the price compares well within the market."

"The product was expensive for us."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

896,099 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Manufacturing Company

10%

Construction Company

Comms Service Provider

Manufacturing Company

13%

Construction Company

Comms Service Provider

Energy/Utilities Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	3
Midsize Enterprise	1
Large Enterprise	8

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	4

Comparisons

SonarQube vs Fortify Application Defender

Compared 13% of the time

Checkmarx One vs Fortify Application Defender

Compared 10% of the time

Veracode vs Fortify Application Defender

Compared 7% of the time

Klocwork vs Fortify Application Defender

Compared 5% of the time

GitGuardian Platform vs Fortify Application Defender

Compared 4% of the time

More Fortify Application Defender Competitors

Tenable Nessus vs Fortra Tripwire IP360

Compared 12% of the time

Checkmarx One vs Fortra Tripwire IP360

Compared 10% of the time

Tenable Security Center vs Fortra Tripwire IP360

Compared 9% of the time

IBM Guardium Vulnerability Assessment vs Fortra Tripwire IP360

Compared 6% of the time

Vicarius vRx vs Fortra Tripwire IP360

Compared 5% of the time

More Fortra Tripwire IP360 Competitors

Product Reports

Buyer's Guide

Application Security Tools

May 2026

Download Fortify Application Defender product report

Buyer's Guide

Fortra Tripwire IP360

May 2026

Download Fortra Tripwire IP360 product report

Also Known As

HPE Fortify Application Defender, Micro Focus Fortify Application Defender

IP360

Overview

Fortify Application Defender offers strong protection by identifying and resolving security defects using machine learning and real-time remediation. Its user-friendly interface simplifies integration in CI/CD workflows and supports security scanning across operating systems and compilers.

Fortify Application Defender is a comprehensive tool for static code analysis and security scanning. It integrates machine learning algorithms to identify vulnerabilities quickly and offers real-time remediation solutions. Its seamless integration with WebInspect allows for tailored rule sets that significantly improve defense against application-specific threats. The tool's efficiency in static and software composition analysis provides actionable repair insights. As part of a DevOps pipeline, it aids in maintaining code quality, helping organizations protect sensitive information within their applications. Additionally, it supports multiple operating systems and environments, allowing users to scan for vulnerabilities in both code and libraries effectively.

What are the key features of Fortify Application Defender?

Security Defect Identification: Uses advanced algorithms to detect security flaws.
Real-time Remediation: Provides immediate solutions for vulnerabilities.
WebInspect Integration: Customizable rule sets enhance protection.
Actionable Insights: Delivers clear repair strategies.
User-friendly Configuration: Easy set-up in CI/CD pipelines.

What benefits should users consider when evaluating Fortify Application Defender?

Scalable Integration: Works with multiple operating systems and compilers.
Improved Code Quality: Prevents exposure of sensitive data.
Efficient Scanning: Reduces time to identify threats.
Customizable Rules: Enhances security measures specific to applications.

Fortify Application Defender is commonly used in industries like banking and finance to secure applications by inspecting source code for vulnerabilities. Companies can integrate it seamlessly into their DevOps pipelines, ensuring that their applications are protected against cyberattacks while maintaining high code quality. They can thereby avoid common risks such as IP and password exposure by leveraging static code analysis and other integrated technologies available within this tool.

OpenText

Tripwire IP360 is a powerful vulnerability management solution that identifies and prioritizes network vulnerabilities for remediation. It is highly effective in scanning devices and applications, improving security posture, ensuring compliance, and managing risks.

Users value its detailed reporting, user-friendly interface, and seamless integration with other security tools for efficient security management.

Fortra

Sample Customers

ServiceMaster, Saltworks, SAP

1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM

Buyer's Guide

Application Security Tools

May 2026

Download Free Report

Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: May 2026.

DOWNLOAD NOW

896,099 professionals have used our research since 2012.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.